CVE-2023-38486

EUVD-2023-42302
A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.7 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
hpeCNA
7.7 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
arubanetworksarubaos
8.6.0.22 <
𝑥
< 8.6.0.22
arubanetworksarubaos
8.10.0.7 <
𝑥
< 8.10.0.7
arubanetworksarubaos
8.11.1.1 <
𝑥
< 8.11.1.1
arubanetworksarubaos
10.4.0.2 <
𝑥
< 10.4.0.2
arubanetworksarubaos
8.6.0.0 ≤
𝑥
< 8.6.0.22
arubanetworksarubaos
8.10.0.0 ≤
𝑥
< 8.10.0.7
arubanetworksarubaos
8.11.0.0 ≤
𝑥
< 8.11.1.1
arubanetworksarubaos
10.4.0.0 ≤
𝑥
< 10.4.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt